Sympa

Presentation

Sympa is a mailing list manager. See http://www.sympa.org for more informations.

There are two ways to configure SSO with Sympa:

Magic authentication

Sympa configuration



Edit the file "auth.conf", for example:

# vi /etc/sympa/auth.conf


And fill it (replace all "example" elements):
generic_sso
        service_name                    LemonLDAP::NG
        service_id                      lemonldapng
        email_http_header               HTTP_MAIL
        netid_http_header               HTTP_AUTH_USER
        internal_email_by_netid         1
        logout_url                      http://sympa.example.com/wws/logout
  1. Additional authentication schemes can be set but they will be ignored with Lemonldap::NG auto-login feature

Apache configuration

We recommend to create a virtualhost for Sympa(eg. http://sympa.example.com). Then configure this virtualhost in your existing Apache configuration:

# The following lines must be set once for all virtualhosts 
NameVirtualHost *

PerlRequire /var/lib/lemonldap-ng/handler/MyHandler.pm PerlOptions +GlobalRequest <Files ~ ".(pl)$"> SetHandler perl-script PerlHandler ModPerl::Registry PerlSendHeader On </Files>

# Define here all protected virtualhosts <VirtualHost *> ServerName sympa.example.com

# WebSSO protection :

# * with auto-login PerlHeaderParserHandler Handler

# * without auto-login #<Location /wws/sso_login/lemonldapng> # PerlHeaderParserHandler Handler #</Location> #

# Optional : reload mechanism (see doc for more) <Location /reload> PerlHeaderParserHandler Handler->reload </Location>

# Sympa normal configuration (example) RedirectMatch ^/$ /wws Alias /wwsicons /usr/share/sympa/icons ScriptAlias /wws /usr/lib/cgi-bin/sympa/wwsympa.fcgi

# Logging LogLevel warn ErrorLog /var/log/apache2/sympa-error.log CustomLog /var/log/apache2/sympa-access.log combined </VirtualHost>

LemonLDAP::NG configuration

Go to the manager and create a new virtual host:
sympa.example.com


Then create the access rule. Example:
default => accept


And set the correct HTTP headers:
Auth-User => $uid
mail => $mail

Sympa auto-login

Note : this configuration enforces your sympa security, as the sympa auth cookie is neither visible nor editable by users.

Configure Sympa virtual host in Apache

You will configure Sympa vhost like other protected vhost but you will use Sympa handler instead of default handler.

<VirtualHost *>
        ServerName sympa.example.com

# Load Sympa Handler PerlRequire __HANDLERDIR__/MyHandlerSympa.pm PerlHeaderParserHandler My::Sympa

</VirtualHost>

Configure Sympa Handler parameters

Go in Manager, Default parameters > Advanced parameters > Special handlers > Sympa, and edit the different keys:

For older release (0.9.4)

The above method does not work for LemonLDAP::NG < 1.0. Follow these steps instead: Warning : you must have and header named "mail" and containing the good user's mail value (the one used by Sympa).